ECommerceTimes.com

Reports of Antivirus Death May Be Exaggerated


IT guru Robin Bloor has thrown down the gauntlet to the antivirus software industry, but the only response he's received has been the equivalent of one hand clapping.

For months now, Bloor, a partner with Hurwitz & Associates, a consulting and research firm in Waltham, Mass., has been preaching about the demise of antivirus software. He's even cooked up an acronym for it: AVID, for "Anti-Virus Is Dead."

"When I floated the idea that antivirus software was irrelevant, I expected some kickback," he told TechNewsWorld. "I expected to be contacted by antivirus companies to demonstrate to me why I was wrong, but they went silent."

'Boats With Holes'

He argues that the reactive approach to malware taken by antivirus software makers is ineffective.

"This is a (US)$4 billion industry that isn't doing its job," Bloor declared. "It's like a boatmaker making boats with holes in them.

"The industry believes the way to deal with the problem is the way you would deal with any biological invader of the body, which is a completely wrong idea," he contended.

What needs to be done, he maintains, is not to foil black-hat software but to only allow white-hat software to run; in other words, a whitelist versus a blacklist approach.

Labs Overwhelmed

"Viruses are executables and various computer environments allow them to run without anyone having to validate whether they're authentic or not," Bloor explained. "The correct solution to the problem is to authenticate the software before it runs."

Corporations are realizing that antivirus software isn't providing them with the level of protection they need, added Andrew Jaquith, a senior analyst with the Yankee Group.

"The traditional, signature-based technologies are simply not able to keep up with the sheer volume of malware that's out there," Jaquith told TechNewsWorld. "There are over 200,000 unique pieces of malware out there. Some host intrusion vendors say that number is closer to a million.

"That's a tactic being exploited by the bad guys," he continued. "The folks circulating spyware have taken a deliberate tactic of generating unique variations of malware in an effort to overwhelm the labs of the antivirus companies."

Good Versus Bad

"When you consider that the average PC has maybe 50,000, 100,000 files on it, it's becoming easier to count the number of good things than it is to count the number of bad things," Jaquith added.

To create a secure computing environment, he maintained, traditional antivirus software needs to be supplemented with host intrusion prevention, or behavior blocking software.

Behavior blocking applications analyze what an application is doing and prevent it from executing suspicious actions.

Another preventive approach is the applications whitelist. Applications on the list are allowed to run on a computer; everything else is blocked.

"We see a lot more interest in whitelisting, as companies have more and more trouble dealing with all the different types of threats that they face," observed Sioux Fleming, director of product management for CA (NYSE: CA).

No Substitute

While acknowledging that whitelists can be effective, Randy Abrams, director of technical education at antivirus software maker ESET, warned that they can be a bear to administer because, on top of adding new programs to the list at the request of users, existing applications are continually being upgraded and patched.

What's more, pressure from users to add files to the list can undermine its effectiveness. "If you start adding programs to the list just because someone wants to run a program, you're not doing the research to determine if it should be trusted," Abrams told TechNewsWorld.
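
The contrast between the two approaches, and the upkeep Abrams describes, as an added example that is not part of the original article: a Python sketch that models both lists as sets of SHA-256 hashes. The byte strings are constructed stand-ins for executables, and exact-hash matching is a simplifying assumption; real antivirus signatures and whitelisting products use richer rules.

```python
import hashlib

def digest(blob: bytes) -> str:
    """SHA-256 of a file's bytes, used here as the file's identity."""
    return hashlib.sha256(blob).hexdigest()

# Constructed stand-ins for executables; a real tool would hash files on disk.
EDITOR_V1 = b"editor 1.0 program bytes"
EDITOR_V1_PATCHED = EDITOR_V1 + b" + vendor security patch"
KNOWN_MALWARE = b"unwanted program, variant A"
NEW_VARIANT = b"unwanted program, variant B"  # a one-byte change gives a new hash

def blacklist_allows(blob: bytes, known_bad: set) -> bool:
    """Reactive model: run everything except what the lab has already seen."""
    return digest(blob) not in known_bad

def whitelist_allows(blob: bytes, approved: set) -> bool:
    """Preventive model: run only what an administrator has approved."""
    return digest(blob) in approved

def approve_update(approved: set, blob: bytes) -> set:
    """The administrative step every patch or upgrade requires."""
    return approved | {digest(blob)}

def compare() -> dict:
    """Verdict of each model for each sample (True means allowed to run)."""
    known_bad = {digest(KNOWN_MALWARE)}
    approved = {digest(EDITOR_V1)}
    samples = {
        "editor_v1": EDITOR_V1,
        "editor_v1_patched": EDITOR_V1_PATCHED,
        "known_malware": KNOWN_MALWARE,
        "new_variant": NEW_VARIANT,
    }
    return {
        name: {
            "blacklist": blacklist_allows(blob, known_bad),
            "whitelist": whitelist_allows(blob, approved),
        }
        for name, blob in samples.items()
    }

if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:18} blacklist={verdict['blacklist']!s:5} "
              f"whitelist={verdict['whitelist']}")
```

The unseen variant runs under the blacklist and is stopped by the whitelist, while the legitimately patched editor is also stopped until someone calls `approve_update`, which is the research-and-maintenance cost the whitelist shifts onto administrators.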

Whitelists shouldn't be seen as a substitute for antivirus software, maintained Scott Petry, founder and CTO of network security firm Postini.

"I don't think anyone is going to start whitelisting and turn off their AV protection," Petry told TechNewsWorld. "There's just too much opportunity for something to be executed or run on the network. You need something that's scanning the bits and scanning the data that's being executed."

He cited a Web browser as an application that might appear on a whitelist but could be an entry point for malware.

Misplaced Child

"You could get a Java applet or a payload that could be nasty stuff. They would never register as an application per se in this whitelisting environment, but it would be an application that's executing and doing nasty things," he said.

Nevertheless, there are companies that swear by the whitelisting approach to security. The First National Bank of Bosque County in Valley Mills, Texas, shelved all its antivirus software in favor of a whitelist solution offered by SecureWave.

Since the bank started using whitelisting, Vice President Brent Rickels said that security has been a less worrisome problem. "I know that the worst exploit of all can be running loose out there, but if it's not on my whitelist, it's not going to run," Rickels told TechNewsWorld.

Antivirus dead? Not so, contends SecureWave Senior Vice President Dennis Szerszen. "It's a misplaced child," he said. "We expect our antivirus solutions to do a whole lot more than they potentially can do.

"We expect them to keep us safe," he continued. "We've expected them to be the thing that keeps us from having to become security experts and engineers. That kind of burden has overstressed the concept of what antivirus is supposed to be."


More by John P. Mello Jr.